A Guide to use SSL

 

Why you need security for your site

The Internet has created many new global business opportunities for enterprises conducting online commerce. However, the many security risks associated with conducting e-commerce have resulted in security becoming a major factor for online success or failure.

Over the past 7 years, consumer magazines, industry bodies and security providers have educated the market on the basics of online security. The majority of consumers now expect security to be integrated into any online service they use, as a result they expect any details they provide via the Internet to remain confidential and integral. For many customers, the only time they will ever consider buying your products or services online is when they are satisfied their details are secure.

This SSL guide explains how to use SSL from Instantssl to activate the core security technology available on your existing web server. You will also learn how Instant SSL allows you to protect your customer's transactions and provide visitors with proof of your digital identity - essential factors in gaining confidence in your services and identity.

Using Instant SSL to secure your online transactions tells your customers you take their security seriously. They will visibly see that their online transaction will be secure, confidential and integral and give them the confidence that you have removed the risk associated with trading over the Internet.

Using Security helps you realize the benefits of online commerce:

• Cost effectiveness of online operations and delivery
• Open global markets - gain customers from all over the world
• New and exciting ways of marketing directly to your customers
• Offer new data products and services via the Web

Only if you have visibly secured your site with SSL security technology (https) will your customers have confidence in your online operations. Read on to learn how SSL helps you achieve the confidence essential to successful e-commerce.

What is SSL?

Secure Sockets Layer, SSL, is the standard security technology for creating an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers. In order to be able to generate an SSL link, a web server requires an SSL Certificate.

When you choose to activate SSL on your webserver you will be prompted to complete a number of questions about the identity of your website (e.g. your website's URL) and your company (e.g. your company's name and location). Your webserver then creates two cryptographic keys - a Private Key and a Public Key. Your Private Key is so called for a reason - it must remain private and secure. The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) - a data file also containing your details. You should then submit the CSR during the SSL Certificate application process Comodo, the Instant SSL Certification Authority, who will validate your details and issue an SSL Certificate containing your details and allowing you to use SSL.

Your webserver will match your issued SSL Certificate to your Private Key. Your webserver will then be able to establish an encrypted link between the website and your customer's web browser.

For detailed application and installation instructions please refer to section "Step by step instructions to set up SSL on your webserver" of this guide.

Displaying the SSL Secure Padlock

The complexities of the SSL protocol remain invisible to your customers. Instead their browsers provide them with a key indicator to let them know they are currently protected by an SSL encrypted session - the Padlock:

As seen by users of Internet Explorer

Clicking on the Padlock displays your SSL Certificate and your details:

As seen by users of Internet Explorer

All SSL Certificates are issued to either companies or legally accountable individuals. Typically an SSL Certificate will contain your domain name, your company name, your address, your city, your state and your country. It will also contain the expiry date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate.

When a browser connects to a secure site (https) it will retrieve the site's SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user.